Remove any unused shares and harden the NTFS permissions on any essential shares. By default all users have full control on newly created file shares. Harden these default permissions to ensure that only authorized users can access files exposed by the share. In addition to explicit share permissions, use NTFS ACLs for files and folders exposed by the share.
During this step, you:
Remove unnecessary shares.
Restrict access to required shares.
Remove all unnecessary shares. To review shares and associated permissions, run the Computer Management MMC snap-in, and select Shares from Shared Folders as shown in Figure 16.3.
Remove the Everyone group and grant specific permissions instead. Everyone is used when you do not have restrictions on who should have access to the share.
If you do not allow remote administration of your server, remove unused administrative shares, for example C$ and Admin$.
Note: Some applications may require administrative shares. Examples include Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM). For more information, see Microsoft Knowledge Base article 318751, "How To: Remove Administrative Shares in Windows 2000 or Windows NT 4.0."
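The review described in this step can also be scripted. The following PowerShell is an added example, not part of the original guide: it lists every share, marks the administrative ones, and shows where Everyone is allowed at the share level or in the NTFS ACL of the shared folder. It assumes the SmbShare module (Windows Server 2012 / Windows 8 or later) and an elevated session; the share and group names in the commented remediation lines are constructed.

```powershell
# Added example: audit shares for Everyone access and administrative shares.
# Assumes the SmbShare module and an elevated PowerShell session.

# Resolve the (possibly localized) name of Everyone from its well-known SID S-1-1-0.
$everyone = ([System.Security.Principal.SecurityIdentifier]'S-1-1-0').Translate(
    [System.Security.Principal.NTAccount]).Value

$report = foreach ($share in Get-SmbShare) {
    # Share-level permissions: keep only Allow entries for Everyone.
    $shareAces = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue
    $everyoneShare = $shareAces | Where-Object {
        $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow'
    }

    # NTFS ACL on the shared folder. IPC$ and print shares have no folder to check.
    $everyoneNtfs = $null
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        $everyoneNtfs = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
            $_.IdentityReference.Value -eq $everyone -and
            $_.AccessControlType -eq 'Allow'
        }
    }

    [pscustomobject]@{
        Name           = $share.Name
        Path           = $share.Path
        Administrative = $share.Special   # True for C$, ADMIN$, IPC$
        EveryoneShare  = ($everyoneShare.AccessRight -join ',')
        EveryoneNtfs   = ($everyoneNtfs.FileSystemRights -join ',')
    }
}

# Shares with a value in EveryoneShare or EveryoneNtfs need their permissions restricted.
$report | Sort-Object Administrative, Name | Format-Table -AutoSize

# Remediation for one share (constructed names: share 'Reports', group 'CONTOSO\WebAdmins'):
# Revoke-SmbShareAccess -Name 'Reports' -AccountName $everyone -Force
# Grant-SmbShareAccess  -Name 'Reports' -AccountName 'CONTOSO\WebAdmins' -AccessRight Change -Force
```

Grant the replacement group before or immediately after revoking Everyone so that authorized users do not lose access, and apply the matching restriction to the NTFS ACL of the folder as well.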